TREATING YOURSELF (“www.treatingyourself.com”) is strongly committed to respecting and protecting your privacy.
PRINCIPLE #1 – ACCOUNTABILITY
TREATING YOURSELF is responsible for personal information under its control and will designate an individual or individuals who are accountable for the organization’s compliance with the following principles.
1.1 Accountability for TREATING YOURSELF ‘s compliance with the principles rests with the senior management of TREATING YOURSELF and the person or persons designated by senior management as Privacy Officer, even though other individuals within the organization may be responsible for the day-to-day collection and processing of personal information. In addition, other individuals within the organization may be delegated to act on behalf of senior management or the Privacy Officer.
1.2 TREATING YOURSELF Privacy Officer may be contacted at: Attention: TREATING YOURSELF c/o Privacy Officer, firstname.lastname@example.org
1.3. TREATING YOURSELF is responsible for personal information in its possession or custody, including information that has been transferred to a third party for processing. TREATING YOURSELF will use contractual or other means to provide a comparable level of protection while the information is being processed by a third party.
1.4 TREATING YOURSELF will implement policies and practices to give effect to these principles, including: implementing procedures to protect personal information; establishing procedures to receive and respond to complaints and inquiries; training staff and communicating to staff information about TREATING YOURSELF ’s policies and practices; and developing information to explain TREATING YOURSELF ’s policies and procedures.
PRINCIPLE #2 – IDENTIFYING PURPOSES
TREATING YOURSELF will identify the purposes for which personal information is collected at or before the time the information is collected.
2.1 TREATING YOURSELF collects personal information only for the following purposes (“identified purposes”): to provide service(s) and/or products to its customers; to maintain commercial relations and to communicate with its customers (which will include, but not be limited to: billing, collection, advertising, promotion, account verification); to evaluate customers’ financial status and eligibility for credit; to identify customer needs and/or preferences; to meet legal and regulatory requirements; to administer and manage its business operations; and as otherwise required or permitted by law.
2.2 TREATING YOURSELF will provide notice of the identified purposes either orally, electronically or in writing prior to or at the time of collection of the personal information.
2.3 If individual persons collect personal information, they will be able to specify the purposes for which the information is being collected, or will refer the individual whose information is being collected to a designated person at TREATING YOURSELF who will specify the purposes.
2.4 When personal information that previously has been collected is to be used for a purpose not previously identified, the new purpose will be identified prior to use. Unless the new purpose is required by law, and subject to the exceptions referred to in Principle #3, TREATING YOURSELF will obtain the consent of the individual before information is used for that new purpose.
2.5 Occasionally, TREATING YOURSELF will communicate to you special bonus and new product offers that we think may be of value to you. TREATING YOURSELF may retain third parties to assist it in marketing such new or additional TREATING YOURSELF products and services to our customers (and for such purpose may share personal information with such third parties) but will not otherwise disclose or make available any personal information to any third parties seeking to market their products to TREATING YOURSELF ‘s customers. All TREATING YOURSELF customers have the right to choose not to participate in direct marketing of new products and services from TREATING YOURSELF . If you wish to opt-out of receiving targeted communications from TREATING YOURSELF in electronic, printed or verbal format simply inform us in writing at: Attention: TREATING YOURSELF c/o Privacy Officer, Email: email@example.com
2.6 The Site may provide hyperlinks, which are highlighted words or pictures within a hypertext document that may, when clicked, take you to another place within the document, to another document altogether, or to a third party website not controlled by TREATING YOURSELF . Such hyperlinked third party websites may collect and disclose information different than this Site. TREATING YOURSELF is not responsible for the collection, use, or disclosure of information collected through these third-party websites, and TREATING YOURSELF expressly disclaims any and all liability related to such collection, use, or disclosure.
PRINCIPLE #3 – CONSENT
The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except where inappropriate.
3.1 In certain circumstances, personal information can be collected, used, or disclosed without the knowledge and consent of the individual. For example, where collection or use is clearly in the interests of the individual and consent cannot be obtained in a timely way; where used or disclosed in the case of an emergency that threatens the life, health or security of an individual; where personal information is publicly available as defined by regulation; where collection with knowledge or consent might compromise the availability or accuracy of the information and the collection relates to investigation of a breach of agreement or contravention of law; and where disclosed for debt collection purposes or to comply with a subpoena, warrant or court order.
3.2 Where required, TREATING YOURSELF will generally seek consent for the use or disclosure of the information at the time of collection. In certain circumstances, consent with respect to use or disclosure may be sought after the information has been collected but before use (for example, when TREATING YOURSELF wants to use information for a purpose not previously identified).
3.3 TREATING YOURSELF will make a reasonable effort to ensure that the individual is advised of the purposes for which the information will be used. To make the consent meaningful, the purposes will be stated in such a manner that the individual can reasonably understand how the information will be used or disclosed.
3.4 TREATING YOURSELF will not, as a condition of the supply of a product or service, require an individual to consent to the collection, use, or disclosure of information beyond that required to fulfill the explicitly specified and legitimate purposes.
3.5 The form of consent sought by TREATING YOURSELF may vary, depending upon the circumstances and the type of information disclosed. TREATING YOURSELF will seek express consent when the information is likely to be considered sensitive. Implied consent will generally be appropriate when the information is less sensitive.
3.6 An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. TREATING YOURSELF will inform the individual of the implications of such withdrawal. In order to withdraw consent, an individual must provide notice to TREATING YOURSELF in writing.
PRINCIPLE #4 – LIMITING COLLECTION
The collection of personal information will be limited to that which is necessary for the purposes identified by TREATING YOURSELF . Information will be collected by fair and lawful means.
4.1 TREATING YOURSELF collects personal information from its customers for the purposes described under Principle #2.
4.2 TREATING YOURSELF may also collect personal information from such third parties as credit bureaus, employers or personal references or other third parties that represent that they have the right to disclose the information.
4.3 The Site uses a feature of Internet web browsers called a cookie, which is a file that is sent to your browser from the Site’s computers and stored on your computer’s hard drive. A cookie assigns a unique identification code to your computer in order to collect anonymous information. On this Site, cookies are used to help us track visitors, conduct research and improve our content and services.
TREATING YOURSELF ‘s cookies do not collect personal information. TREATING YOURSELF only collects personal information if you knowingly and willingly provide such information. You may set your Internet web browser to notify you when you receive a cookie or to prevent cookies from being sent. If you prevent a cookie from being sent, you may limit the functionality of the Site.
PRINCIPLE #5 – LIMITING USE, DISCLOSURE, AND RETENTION
Personal information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as otherwise required or permitted by law. Personal information will be retained only as long as necessary for the fulfillment of those purposes or as otherwise required or permitted by law.
5.1 TREATING YOURSELF may collect, use or disclose personal information without the individual’s knowledge or consent in certain circumstances as described in Principle #3.1.
5.2 TREATING YOURSELF may disclose a customer’s personal information to: Our contracted agency or company or personnel involved in the development, promotion, marketing or enhancement of TREATING YOURSELF products and services;
5.4 TREATING YOURSELF will retain personal information that has been used to make a decision about an individual long enough to allow the individual access to the information after the decision has been made, and, in the event of an access request or a challenge, long enough to exhaust any recourse an individual may have under the law.
PRINCIPLE #6 – ACCURACY
Personal information will be updated as necessary for the purposes for which it is to be collected and used.
6.1 The extent to which personal information will be updated will depend upon the use of the information, taking into account the interests of the individual. Information will be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about the individual.
6.2 TREATING YOURSELF will not routinely update personal information unless such a process is necessary to fulfill the purposes for which the information was collected.
6.3 Personal information that is used on an ongoing basis, including information that is disclosed to third parties, will generally be accurate and up-to-date to the best of TREATING YOURSELF ’s knowledge unless limits to the requirement for accuracy are clearly set out.
PRINCIPLE #7 – SAFEGUARDS
TREATING YOURSELF will use reasonable efforts to protect personal information by security safeguards appropriate to the sensitivity of the information.
7.1 TREATING YOURSELF has invested and deployed a wide variety of technology and security features to ensure the privacy of personal and anonymous information on its network. In addition, TREATING YOURSELF has implemented strict operations guidelines to safeguard customer privacy at every level of its organization. TREATING YOURSELF will continue to revise policies and implement additional security features as new technologies become available. Unfortunately, no system is perfect; therefore, TREATING YOURSELF makes no representations or warranties with regard to the sufficiency of these security measures. TREATING YOURSELF shall not be responsible for any actual or consequential damages (or any other damages or liability of any kind whatsoever, whether as a result of negligence or otherwise) that result from a lapse in compliance with this Policy because of a security breach or technical malfunction.
7.2 TREATING YOURSELF protects all personal information regardless of the format in which it is held. The methods of protection include: physical measures, such as locked filing cabinets and restricted access to offices; organizational measures, such as security clearances and limiting access on a “need to know” basis; technological measures, such as the use of passwords and encryption.
PRINCIPLE #8 – OPENNESS
TREATING YOURSELF will, upon written request, make readily available to individuals specific information about its policies and practices relating to the management of personal information, other than confidential commercial information.
8.1 TREATING YOURSELF will make its policies and practices with respect to the management of personal information comprehensible and accessible, by providing upon request: the name, title, and address of the Privacy Officer accountable for TREATING YOURSELF‘s policies and practices and to whom complaints or inquiries can be forwarded; the means by which an individual can gain access to his or her personal information held by TREATING YOURSELF ; and a description of the type of information held by TREATING YOURSELF and/or its subsidiaries, including a general account of its use.
PRINCIPLE #9 – INDIVIDUAL ACCESS
Upon written request, an individual will be informed of the existence, use, and disclosure of his or her personal information and will be given access to that information. An individual will be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
9.1 Upon written request, TREATING YOURSELF will inform an individual whether or not the organization holds personal information about that individual, and will provide that individual with a reasonable opportunity to review the personal information in his or her file.
9.2 TREATING YOURSELF will allow the individual access to his or her personal information once the individual has provided TREATING YOURSELF with a written request application. The application will include sufficient information to permit TREATING YOURSELF to provide an account of the existence, use, and disclosure to any third parties of this personal information. TREATING YOURSELF will use the application only for this purpose.
9.3 TREATING YOURSELF will respond to an individual’s written request within 30 days unless this period is extended in accordance with applicable legislation, in which case notice will be sent to the individual within 30 days regarding the extension, the reasons for it and the individual’s rights in connection with it. TREATING YOURSELF will assist any individual who informs it that they need assistance in preparing a request. While the response will typically be provided at no cost to the individual, depending on the nature of the request and the amount of information involved, TREATING YOURSELF reserves the right to impose a cost. In these circumstances, TREATING YOURSELF will inform the individual of the approximate cost to provide the response and proceed upon payment. The requested information will be provided or made available in a form that is generally understandable.
9.4 TREATING YOURSELF will be as specific as possible in providing an account of third parties to which it has disclosed personal information about an individual. When it is not possible to provide a list of the organizations to which it has actually disclosed information about an individual, TREATING YOURSELF will provide a list of organizations to which it may have disclosed information about the individual.
9.5 In certain instances, TREATING YOURSELF will not be able to provide the individual access to his or her personal information. Where permitted, the reasons for denying access will be provided to the individual. This will be done upon the individual’s request unless TREATING YOURSELF is required by law to provide such written reasons. Exceptions to the grant of an access request may include: information that contains references to other individuals or contains confidential commercial information, where such information cannot be severed from the record; information protected by solicitor-client privilege; information properly collected without the knowledge or consent of the individual for purposes related to investigating a breach of an agreement or a contravention of law; information generated in the course of a formal dispute resolution process; and as required or permitted by law.
9.6 When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, TREATING YOURSELF will amend the information as required. Depending upon the nature of the information challenged, an amendment may involve the correction, deletion or addition of information. Where appropriate, the amended information will be transmitted to third parties having access to the information in question.
9.7 When a challenge is not resolved to the satisfaction of the individual, TREATING YOURSELF will record the substance of the unresolved challenge. When appropriate in TREATING YOURSELF ’s judgment, the unresolved challenge will be transmitted to third parties having access to the information in question.
PRINCIPLE #10 – CHALLENGING COMPLIANCE
An individual will be able to address a challenge concerning compliance with the above principles to TREATING YOURSELF’s Privacy Officer.
10.1 TREATING YOURSELF will maintain procedures to receive and respond to complaints or inquiries about its policies and practices relating to the handling of personal information.
10.2 TREATING YOURSELF will inform individuals who make inquiries or lodge complaints of the existence of relevant complaint procedures.
10.4 TREATING YOURSELF will investigate all complaints. If a complaint is found to be justified, TREATING YOURSELF will take appropriate measures, including, if necessary, amending its policies and practices. We will take all necessary steps to protect the information you share with us, including using appropriate security technology for credit card data used in electronic commerce transactions.